Read this shit from beginning to the end because this tool can save a lot of time for you 


and will use only valid logins for cracking! 


First you need to scan IP ranges for open RDP port 


RDP port is always 3389 


You can remove arguments or keep default ones - with those port scanner will stop 


when it gets 100k ips with open ports. 


For IP ranges use this website: 


://countryipblocks.net/acl. 


Choose country which you want to scan and select ip ranges format: 


We will use password list for cracking which | will tell you more about later in this tutorial 
but at this point you can choose more than one country for port scanning in the country 
selection with holding CTRL key. For example you can choose Portugal and Brasil as 
these countries use the same language so passwords will be similiar in both of them. 
Keep in mind choosing too many countries may result in very long time needed to scan 
all of ip ranges! 


When you do this put your ip ranges in rdp forcer, click start and wait till the scanning is 
done. IPs with open 3389 port will get saved in "log" folder as scan.txt file. 


After scanning is done and you have some IPs (I recommend 10k+) go to detector tab. 


This is the best thing in RDP forcer as it saves a lot of time for you. Basically detector 


connects to IPs with open ports and checks what windows usernames are on them: 


When this is done we of course go to ForcerX tab: 


You can find previously detected ips with usernames in log folder as detectorGood.txt - 


add this file as ‘file recognized IPs' 
About password list: 


You can use passwd.txt which contains some basic passwords which aren't that bad OR 
you can spend some time making your password list. 


For example you can make it bigger to check more combinations or use only few basic 


passwords such as admin, password, user, administrator etc. 


When bruteforcing also remember to put some passwords in language used in that 


country for example when | bruteforce Brazilian rdps password "senha" is a must have. 


Mlogin% - will use detected username as password 
%Login% - the same as above but with first letter capital 


MLOGIN% - all capital letters 


Mnigol% / YNIGOL% - login backwards 


you can try others like %login%123 and more complicated patterns 


